ChatGPT Lockdown Mode is now rolling out as an optional security setting designed to help users reduce the risk of sensitive data being leaked through prompt injection attacks.
The feature limits several ChatGPT tools that can connect to the web or external services. OpenAI says the goal is to reduce the chances of data exfiltration, especially for users and organizations that work with confidential information.
The setting is available to logged-in users across personal and workspace accounts, including Free, Go, Plus and Pro users, as well as self-serve ChatGPT Business accounts. It is not designed for everyone, but it gives security-conscious users a stricter way to use ChatGPT when handling sensitive data.
ChatGPT Lockdown Mode Targets Prompt Injection Risk
ChatGPT Lockdown Mode focuses on one of the most difficult security challenges facing AI systems: prompt injection.
A prompt injection attack happens when hidden or malicious instructions are placed inside content that an AI system reads. Those instructions may try to influence the model’s behavior, change its response or push it to reveal information that should remain private.
This risk becomes more serious when an AI assistant can browse the web, open external content, use connected apps or make network requests. In those cases, a malicious instruction could try to make the system send private data outside the conversation.
Lockdown Mode does not stop prompt injections from appearing in files, web pages or other content. Instead, it aims to reduce the possible routes attackers could use to move sensitive information out of ChatGPT.
What ChatGPT Lockdown Mode Disables
When ChatGPT Lockdown Mode is turned on, several features are disabled or restricted because they involve network access or external services.
Live web browsing is limited to cached content, which means ChatGPT may not be able to access the latest live web pages. Search results can also be limited, unavailable or outdated.
Image support is also restricted in regular responses. ChatGPT may not display images in normal answers or retrieve images from the web. However, users can still upload image files, and image generation remains available where it is already supported.
Deep research is disabled, as is Agent Mode. Canvas networking is also blocked, which means users cannot approve Canvas-generated code to access the internet.
File downloads are restricted as well. ChatGPT can still work with files that users manually upload, but it cannot download files for data analysis while Lockdown Mode is active.
Why ChatGPT Lockdown Mode Matters
ChatGPT Lockdown Mode matters because AI assistants are becoming more connected and more capable.
Modern AI tools can browse the web, analyze files, connect to apps, summarize documents, write code and help with research. These features are useful, but they also expand the number of places where sensitive information could be exposed if a malicious instruction succeeds.
For most casual users, the standard ChatGPT experience may be enough. But people dealing with legal documents, internal company files, financial records, security reports, private communications or confidential research may prefer tighter controls.
Lockdown Mode gives those users a more conservative option. It reduces convenience, but it also reduces exposure to certain network-based risks.
ChatGPT Lockdown Mode Is Not a Complete Shield
OpenAI makes clear that ChatGPT Lockdown Mode does not guarantee that data exfiltration can never happen.
Some risk may remain through enabled apps, unexpected combinations of tools or new attack techniques that have not yet been discovered. A malicious instruction hidden in an uploaded file could still affect the model’s behavior and lead to an incorrect answer.
That means Lockdown Mode should be treated as an extra layer of protection, not a complete replacement for good security practices.
Users should still avoid uploading unnecessary sensitive information, check outputs carefully and use separate security controls provided by their organization or workspace.
Apps and Connectors May Work Differently
The way ChatGPT Lockdown Mode handles apps and connectors depends on the account type and workspace settings.
For personal accounts and self-serve ChatGPT Business accounts, synced connectors may still be allowed, but live connector access and connector write actions are blocked. Some connected experiences may also be unavailable while Lockdown Mode is active.
In managed workspaces, administrators have more control. They can decide which apps, connectors and actions are available to members using Lockdown Mode. This allows organizations to balance security with the tools their teams need for daily work.
OpenAI advises admins to enable only trusted apps and actions for users who need stronger protection.
How to Turn On ChatGPT Lockdown Mode
Users can enable ChatGPT Lockdown Mode from the security settings when it is available for their account.
To turn it on, open Settings, select Security and look for Lockdown Mode under Advanced security. After switching it on, users need to confirm the change.
When Lockdown Mode is active, ChatGPT shows a status message above the message composer. Users can also turn it off for a single chat without disabling it everywhere.
OpenAI says Lockdown Mode and Developer Mode cannot be used at the same time. Turning on one will disable the other.
Active Sessions Add Another Security Layer
Alongside Lockdown Mode, OpenAI has also introduced active session controls for ChatGPT accounts.
This feature allows users to review devices and sessions linked to their account. The list can show details such as the device, app used, approximate location, sign-in time, trusted-device status and whether the session is currently active.
Users can log out of individual sessions or sign out of all sessions if they notice activity they do not recognize.
This is useful for account security because unauthorized access can expose conversations, files and connected tools. With active session controls, users have a clearer way to spot suspicious account activity and respond quickly.
ChatGPT Lockdown Mode Strengthens AI Safety Choices
ChatGPT Lockdown Mode shows how AI security is changing as chatbots become more connected to the web, apps and user data.
The feature does not remove every risk, and it will not be necessary for every user. But for people and organizations that handle sensitive information, it offers a practical way to reduce exposure from prompt injection-based data exfiltration.
By limiting web-connected tools, blocking file downloads, disabling agent features and restricting live external access, ChatGPT Lockdown Mode gives users more control over how much risk they are willing to accept.
As AI assistants continue to take on more complex tasks, security settings like this are likely to become an important part of how users manage privacy, trust and safety.
